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CLAIMS 

1. A method of configuring a connectivity unit associated with a user for communication 
5 with a service entity across a commvmications infirastructure, said connectivity unit having 

configuration communications parameters pre-installed therein prior to the user taking 
possession of the unit, said method comprising: 

- a first phase in which the user commimicates with a configuration service and passes to 

the latter user-related information including an identity data item, said user-related 
10 information being placed in a corresponding computer record of a data processing 

system of the configuration service; 

- a second phase in which the connectivity unit initiates communication between itself and 

the data processing system of the configuration service across the commimications 
infirastructure by using said preloaded configuration communications parameters, the 

1 5 connectivity unit being identified to the data processing system by said identity data 

item being passed across the communications infirastructure to the data processing 
system, and the data processing system using said identity data item to access the 
related said computer record and thereafter transmit to the connectivity unit 
operational communications parameters for use by the connectivity unit for 

20 commiuiicating with said service entity, said operational communication parameters 

being derived by said configuration service on the basis of the user-related information 
received in said first phase for the user concerned. 

2. A method according to claim 1, wherein the configuration service includes a call center, 
25 the user passing said user-related information to the configuration service during said first 

phase by commvmicating with the call center in one of the following ways: 

- directly by telephone; 

directly by an electronic messaging system; 

- indirectly through a third party who contacts the call center by telephone; 

30 - indirectly through a third party who contacts the call center by an electronic messaging 
system. 
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3. A method according to claim 1, wherein the said identity data item of the user-related 
information is an identity sequence specific to the connectivity unit. 

4. A method according to claim 3, wherein the second phase is automatically carried out 
upon the connectivity unit being powered up and connected to said communications 
infrastructure without the user having to input any data into the connectivity unit, the 
identity sequence of the connectivity unit being stored in a memory of the unit. 

5. A method according to claim 3, wherein the pre-installed configuration communications 
parameters include a public-key / private-key cryptographic key pair with an identity- 
sequence certificate linking the public key to the identity sequence of the connectivity unit; 
the said second phase involving an authentication process in which the identity-sequence 
certificate is passed by the connectivity unit to the data processing system which verifies the 
authenticity of the certificate and thus of the association between the public key and identity 
sequence in the certificate. 

6. A method according to claim 5, wherein the authentication process fiirther involves a 
cryptographic-based challenge-response interchange conducted between the connectivity 
unit and data processing system to confirm that the connectivity unit is the possessor of the 
private key related to the public key passed in the identity-sequence certificate whereby to 
authenticate the unit as the one bearing the identity sequence included in the certificate. 

7. A method according to claim 1, wherein the communications infrastiiictiire comprises a 
telephone network to which the user is a subscriber, the connectivity unit connecting to the 
communications infirastiiictiire through the user's subscriber's connection; said identity data 
item being the telephone number of the user. 

8. A method according to claim 7, wherein the second phase is automatically carried out 
upon the connectivity unit being powered up and connected to said communications 
infrastiiicture without the user having to input any data into the connectivity unit, the 
telephone number of the user being provided to the data processing system in said second 
phase on the basis of caller-id signalling information generated in the telephone network 
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when the connectivity unit initiates communication with the data processing system at the 
start of the second phase. 

9. A method according to claim 1, whereia said user-related information includes an 
identity sequence specific to the connectivity unit and the pre-installed configuration 
communications parameters held by the connectivity unit include a public-key / private-key 
cryptographic key pair with an identity-sequence certificate linking the public key to the 
identity sequence of the connectivity unit; the said second phase involving an authentication 
process in which the identity-sequence certificate is passed by the connectivity unit to the 
data processing system which verifies the authenticity of the certificate and thus of the 
association between the public key and identity sequence in the certificate; and the 
operational communications parameters transmitted fl-om the data processing system to the 
connectivity unit including a user-identity certificate linking the public key of the 
connectivity unit to a user-identity element which forms part of, or is derived fi-om, said 
user-related information and which is held in the computer record associated with the user 
concerned, said user-identity certificate bemg subsequently used by the connectivity unit for 
authenticating itself to said service entity. 

10. A method according to claim 9, wherein said authentication process fiirther involves a 
cryptographic-based challenge-response interchange conducted between the connectivity 
unit and data processing system to confirm that the connectivity unit is the possessor of the 
private key related to the pubhc key passed in the identity-sequence certificate whereby to 
authenticate the unit as the one bearing the identity sequence included m the certificate. 

11. A method according claim 1, wherein the communications infirastructure comprises a 
data network to which the data processing system of the configuration service is connected, 
and an access network to which the user has a subscriber connection and which provides 
access to the data network through a data-network access pomt, the said second phase 
involving the following steps: 

(a) - the connectivity unit connects via the user's subscriber connection across the access 
network to the data-network access point using addressing information for the latter 
held as part of said configuration communication parameters; 
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(b) - the data-network access point authorises access by the connectivity unit to the data 

network on the basis of a usemame and password which are included in said 
configuration communications parameters and are passed to the access point by the 
connectivity unit, the data-network access point effecting this authorisation by using 
the services of an authorisation server of said data processing system; 

(c) - upon access being authorised in step (b), the data-network access point assigns an 

address for the connectivity unit on the data network and passes this address to the 
authorisation server which in turn passes it to a configuration manager of the data 
processing system; and 

(d) - the configuration manager prompted by the authorisation server in step (c) contacts the 

connectivity unit at the assigned address of the latter on the data network and 
dovmloads said operational communication parameters to the connectivity unit. 

12. A method according to claim 11, wherein the connectivity unit stores an identity 
sequence specific to the connectivity unit, this identity sequence being included in the user 
name passed to the authorisation server and bemg checked by the latter against a database of 
vahd identity sequences, access to the data network only being authorised if the identity 
sequence included in the user name is a valid one. 

13. A method according to claim 1 1, wherein the connectivity unit stores an identity 
sequence specific to the connectivity unit and the authorisation server is associated with a 
configuration domain; the usemame passed by the connectivity unit to the data-network 
access point being of the form: 

identity sequence of connectivity unit @ configuration domain 
and the data-network access point recognising the configuration_domain as indicating the 
authorisation server to be used and thereupon contacting the latter over the data network and 
passing it the identity sequence contained in the usemame it received fi-om the connectivity 
unit. 

14. A method according to claim 1 1, wherein an identifier of the subscriber-connection on 
the access network is passed to the data-network access point in signalling information of 
the access network, this subscriber-connection identifier being passed on by the data- 
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network access point to the authorisation server which in turn passes it to the configuration 
manager. 

15. A method according to claim 14, wherein said subscriber-connection identifier is stored 
by the configuration manager in the computer record of the related user. 

16. A method according to claim 14, wherein said subscriber-connection identifier 
constitutes said identity data item and is used, upon being received by the configuration 
manager fi-om the authorisation server, to access the corresponding user computer record. 

17. A method according claim 1, wherein the communications infi-astructure comprises a 
data network to which the data processing system of the configuration service is connected, 
and an access network to which the user has a subscriber connection and which provides 
access to the data network through a data-network access point, the said second phase 
involving the following steps: 

(a) - the connectivity unit connects via the user's subscriber connection across the access 

network to the data-network access point using addressing information for the latter 
held as part of said configuration communication parameters; 

(b) - the data-network access point authorises access by the connectivity imit to the data 

network on the basis of a usemame and password which are included in said 
configuration communications parameters and are passed to the access point by the 
connectivity unit, the data-network access point effecting this authorisation by using 
the services of an authorisation server of said data processing system; 

(c) - upon access being authorised in step (b), the data-network access point assigns an 

address for the connectivity unit on the data network and passes this address to the 
connectivity unit; and 

(d) - the connectivity unit contacts the configuration manager over the data network at an 

address held by the connectivity unit as part of said configuration communication 
parameters, the configuration manager subsequently tiransmitting said operational 
communication parameters to the connectivity unit. 
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18. A method according to claim 17, wherein the connectivity unit stores an identity 
sequence specific to the connectivity unit, this identity sequence being included in the user 
name passed to the authorisation server and being checked by the latter against a database of 
valid identity sequences, access to the data network only being authorised if the identity 
5 sequence included in the user name is a valid one. 



19. A method according to claim 17, wherein the connectivity unit stores an identity 
sequence specific to the connectivity unit and the authorisation server is associated with a 
configuration domain; the usemame passed by the connectivity unit to the data-network 

10 access point being of the form: 

identity sequence of connectivity unit @ configurationdomain 
and the data-network access point recognising the configuration domain as indicating the 
authorisation server to be used and thereupon contacting the latter over the data network and 
passing it the identity sequence contained in the usemame it received from the connectivity 

15 unit. 



20. A method according to claim 17, wherein an identifier of the subscriber-connection on 
the access network is passed to the data-network access point in signalling information of 
the access network, this subscriber-connection identifier being passed on by the data- 
20 network access point to the authorisation server which in turn passes it to the configuration 
manager. 



21. A method according to claim 1 , fiirther comprising a third phase in which at the end of 
said second phase the data processing system initiates the sending of a wake-up indication 
25 to the connectivity unit, the latter responding to receipt of this indication by seeking to 
connect across the communications infrastructure to the service entity using the said 
operational communications parameters passed to it during said second phase whereby to 
check that the connectivity unit has been correctly configured for communication with the 
service entity. 



30 
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22. A method according to claim 21, wherein said service entity facilitates the setting up of 
a communication connection over the communications infrastructure between the 
connectivity imit and a selected end system, and wherein: 

(a) - in the course of said first phase, an electronic address book is created in the service 

system for said user using information provided by the user, entries in the address 
book corresponding to particular end systems, and 

(b) - upon communication being established between the connectivity entity and the service 

entity during said thkd phase, the service entity passes a copy of the electronic address 
book to the connectivity unit. 

23. A method according claim 21, wherein the communications infrastructiire comprises a 
data network to which the data processing system of the configuration service is connected, 
and an access network to which the user has a subscriber connection and which provides 
access to the data network through a data-network access point; and wherein an identifier of 
the subscriber connection on said access network is stored in the computer record of the user 
and said wake-up indication takes the form of a call placed to said subscriber connection. 

24. A method according to claim 23, wherein said subscriber-connection identity is entered 
into said computer record during said second phase, the subscriber-connection identifier 
being passed to the data-network access point in signalHng information of the access 
network and then being forwarded to the data processing system of the configuration service 
for entry into said computer record. 

25. A method according to claim 1, including a further phase of reconfiguring the 
connectivity unit in which the configuration service transmits to the connectivity unit across 
the communications infirastructure a new set of operational communications parameters 
which the connectivity imit thereafter uses when accessing the service entity, said further 
phase being initiated by the configuration service setting a reconfiguration indicator which 
the connectivity unit reads during subsequent communication with the service entity. 

26. A method according to claim 25, wherein said further phase is initiated by the 
configuration service selectively: 



60 

in an active manner, by waking up the connectivity unit to cause it to communicate 
with the service entity; or 

in a passive manner, by waiting until the connectivity unit next connects to the service 
entity. 

27. A method according claim 25, wherein: 

the communications infirastructure comprises a data network to which the data 
processing system of the configuration service is connected, and an access network to 
which the user has a subscriber connection and which provides access to the data 
network through data-network access points; 

said preloaded configuration communications parameters comprise parameters for 
accessing the data network through a first one of said data-network access points, and 
said operational communications parameters comprise parameters for accessing said 
data network through a second one of said data-network access points, the 
connectivity unit using the first data-network access point for accessmg the 
configuration service during said second phase and the second data-network access 
point for subsequently accessing said service entity; and 

said reconfiguration indicator is selectively set by the configuration service to fiarther 
indicate to the connectivity unit which of said first and second data-network access 
points is to be used for receiving the new operational communications parameters in 
said further phase, the connectivity unit on communicating with the service entity 
through the second data-network access point and ascertaining fi-om said 
reconfiguration indicator that the first data-network access point is to be used to 
receive new operational parameters, thereafter connecting to the configuration service 
through that access. 

28. A method according to claim 27, wherein use of the first data-network access point is 
without charge to the user whereas use of the second data-network access point by the user 
is subject to a charge. 

29. A method according to claim 1 , including a fiirther phase of reconfiguring the 
connectivity unit in which the configuration service transmits to the connectivity unit across 
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the communications infirastructxire a new set of operational communications parameters 
which the connectivity unit thereafter uses when accessing the service entity, said further 
phase being initiated by the connectivity unit contacting the configuration service. 

30. A method according claim 1, wherein the communications infirastructure comprises a 
data network to which the data processing system of the configuration service is connected, 
and an access network to which the user has a subscriber connection and which provides 
access to the data network through data-network access points; said preloaded configuration 
communication parameters comprising data for accessing the data network through a first 
one of said data-network access points, and said operational communications parameters 
comprising data for accessing said data network through a second one of said data-network 
access points, the connectivity unit using said first data-network access point for accessing 
the configuration service during second phase and said second data-network access point for 
subsequently accessing said service entity. 

31. A configuration service system for configuring a connectivity unit for communication 
with a service entity across a commimications infrastiiicture, said connectivity unit having 
configuration communications parameters pre-installed therein prior to a user taking 
possession of the unit, the configuration service system comprising: 

a data processing system including a store for holding user-related information; 
a call center to which user-related information about a new user of a connectivity unit 
can be passed for entry into the data processing system for storage in said store; the 
user-related information including an identity data item; and 
interface means for interfacing the data processing system with the communications 
infi-astructure whereby to enable communication between the data processing system 
and the connectivity imit of the new user; access to the data processing system through 
the interface means requiring knowledge of at least one said configuration 
communications parameter; 
the data processing system fiuther including: 

means for accessing the user-related information held in said store on the basis of a 
said identity data item received across the communications infi-astructure during the 
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course of communication with a said connectivity unit, this identity data item serving 
to identify the connectivity unit to the data processing system; 
means for deriving for the connectivity unit of said new user, operational 
communication parameters on the basis of said user-related information; and 
5 - means for transmitting said operational communications parameters to the 

connectivity unit operational for use by the latter for communicating with said service 
entity. 

32. A configuration service system according to claim 29, wherein the said identity data 
10 item is an identity sequence specific to the connectivity unit and the pre-installed 

configuration coromimications parameters include a public-key / private-key cryptographic 
key pair with an identity-sequence certificate Unking the public key to the identity sequence 
of the connectivity unit; the data processing system having authentication means comprising 
means for verifying the authenticity of a said identity-sequence certificate passed by the 
1 5 connectivity unit to the data processing system whereby to verify the association between 
the pubhc key and identity sequence in the certificate. 

33. A configuration service system according to claim 29, wherein the authentication means 
further comprises means for effecting a cryptographic-based challenge-response interchange 

20 between the connectivity unit and data processing system whereby to confirm that the 

connectivity unit is the possessor of the private key related to the public key passed in the 
identity-sequence certificate and thereby authenticate the unit as the one bearing the identity 
sequence included in the certificate. 

25 34. A configuration service system according to claim 31, wherein said identity data item is 
a telephone nimiber associated with the user, the data processing system being arranged to 
receive this telephone number over the commimications infrastructure as data extracted from 
signalhng information of a telephone network to which the user is a subscriber. 

30 35. A configuration service system according claim 31 intended for use with a 

communications infrastructure comprising a data network, and an access network to which 
the user has a subscriber connection and which provides access to the data network through 
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a data-network access point; the configuration service system having its interface means 
connected to the data network and further comprising an authorisation server for providing a 
logon authorisation service to said data-network access point in respect of connectivity imits 
requesting access to the configuration service system through that access point. 

5 

36. A configuration service system according to claim 31, further comprising means for 
sending a wakeup indication to said connectivity xmit for causing the latter to contact said 
service entity, the data processing system after transmitting said operational 
communications parameters to the connectivity unit triggering the wakeup means to send a 
10 said wakeup indication to the connectivity unit after the latter has terminated its 
communication with the data processing system. 



37. A configuration service system according claim 36, wherein the communications 
infrastructure comprises a data network to which the interface means of the configuration 

15 service system is connected, and an access network to which the user has a subscriber 
connection and which provides access to the data network through a data-network access 
point; said user-related information held in said store including an identifier of the 
subscriber connection on said access network and said wake-up indication placed by the 
wakeup means taking the form of a call to said subscriber connection. 

20 

38. A connectivity unit for communicating with a service entity across a communications 
infrastructure, said connectivity unit comprising: 

a store holding configuration commimications parameters including a public-key / 
private-key cryptographic key pair with an identity-sequence certificate linking the 

25 public key to an identity sequence specific to the connectivity unit; 

communication means for establishing communication across said communications 
infrastructure with a remote entity in accordance with communications parameters 
held in said store, the commimications means including authentication means for 
authenticating the coimectivity unit to the remote entity, the authentication means 

30 comprising means for passing a key certificate to the remote entity, and 

configuration initiation means for causing the communication means to establish 
communication across said communications infrastructure with a configuration service 
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by using said configuration communications parameters held in said store, the said 
key certificate used by the authentication means being the identity-sequence 
certificate; 

download means for downloading operational communications parameters fi-om the 
5 configuration service and storing them in said store; and 

operational control means for causing the communication means to establish 
communication across said communications infirastructure with said service entity by 
using said operational communications parameters held in said store. 

10 39. A connectivity unit according to claim 38, wherein said authentications further 

comprises means for generating and returning a response to a challenge issued by the remote 
entity, the generation of the response involving the use of said private key to effect a 
cryptographic operation on data included in the challenge. 

15 40. A connectivity unit according to claim 38, wherein said configuration initiation means 
is responsive to the absence of valid operational communications parameters in said store 
upon the connectivity unit being powered up and connected to the commimications 
infi-astructure, to automatically trigger the communication means to estabUsh 
communications with the configuration service without requiring the input of data by a user. 

20 

41. A connectivity unit according to claim 38, wherein the communication means is 
operative to establish communication across a communications infirastructure that comprises 
a data network, and an access network to which the user of the connectivity unit has a 
subscriber connection and which provides access to the data network through a data-network 

25 access point, access to the data network through said data-network access point being 

subject to a usemame/password authorisation process; said configuration communications 
parameters held in said store fiirther including the access-network address of the data- 
network access point and a usemame and password for use in said authorisation process, 
said iisemame including said identity sequence specific to the connectivity unit. 

30 

42. A connectivity unit according to claim 41, wherein the usemame included in said 
configuration communications parameters is of the form: 
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identity sequence of connectivity unit @ configuration_domain 
where the configuration_domain serves to indicate to the data-network access point an 
authorisation server to be used in the authorisation process. 

43. A connectivity unit according to claim 38, wherein the operational communications 
parameters include a user-identity certificate linking the said public key to the identity of a 
user associated with connectivity unit, the user-identity certificate bemg used as said key 
certificate by the authentication means for authenticatmg the connectivity unit to the service 
entity upon the operational control means causing the communication means to establish 
communication with the service entity. 

44. A connectivity unit for communicating with a service entity across a communications 
infirastructure, said connectivity unit comprising: 

a store holding an identity sequence specific to the connectivity unit and pre-installed 
configuration communications parameters; 

communication means for establishing communication across said communications 
infrastructure with a remote entity in accordance with communications parameters 
held in said store, 

configuration initiation means for causing the communication means to establish 
communication across said communications infi-astructure with a configuration service 
by usmg said configuration communications parameters held in said store; 
identification means operative upon the communication means establishing 
communication with the configuration service, to identify the connectivity unit to the 
configuration service on the basis of said identity sequence specific to the connectivity 
unit; 

download means for downloading operational communications parameters from the 
configuration service and storing them in said store; and 
operational control means for causing the communication means to establish 
communication across said communications infrastinicture with said service entity by 
using said operational communications parameters held in said store; 
the configuration initiation means being responsive to the absence of vaHd operational 
communications parameters in said store upon the connectivity unit being powered up and 
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connected to the communications infrastructure, to automatically trigger the communication 
means to establish commimications with the configuration service without requiring the 
input of data by a user. 



